A serious flaw in software widely used to power online discussion sites could allow hackers to harvest reams of personal data, the BBC has learned.
The flaw in a specific version of the vBulletin software allows anyone to easily access the main administrator username and password for a site.
This would also allow hackers to access data, such as e-mail addresses, and edit the site at will.
The owner of the program - Internet Brands - released a fix on 21 July.
However, at time of writing, many sites remain vulnerable.
The BBC was alerted to the problem by Stuart Wright of audio visual reviews site AV forums, which uses the software for its discussion boards, before the patch was released.